Online Safety in India: Prevent Scams, Report Fraud, and Recover Accounts

Online safety is not mainly about recognizing every new scam name. It is about slowing down at the right moment, checking a request through an independent channel, and knowing where to report an incident in India.

This guide gives you a practical response system for suspicious calls, messages, payment requests, account alerts, lost phones, and online fraud. It is written for Indian internet users, but most prevention and account-recovery steps apply anywhere.

If you are in immediate physical danger or someone is threatening violence, contact local emergency services or police rather than continuing the conversation online.

Use a verification pause before you act

Many scams succeed by creating a reason not to verify. The caller may claim that your account will be blocked, a family member is in danger, a parcel contains illegal goods, a job offer will disappear, or a refund must be accepted immediately. The story changes; the pressure pattern is remarkably consistent.

A verification pause has four steps:

1. Stop. Do not make a decision while the other person controls the pace.
2. Leave the channel. End the call, close the message, or exit the video meeting.
3. Find a trusted route yourself. Use the number on your bank card, an official app, a bookmarked website, a known family contact, or a previously saved company number. Do not use contact details supplied in the suspicious message.
4. Confirm the specific claim. Ask whether the transaction, emergency, investigation, delivery, or account action is real.

This is especially important when a voice or video appears familiar. Synthetic voices and manipulated video can imitate someone you know. Our deepfake scam verification guide explains how to move the conversation to an independent channel and verify the person without relying on appearance or voice alone.

Recognize the pressure patterns behind common scams

You do not need to memorize hundreds of scam scripts. Watch for combinations of these behaviours:

• Urgency: “Act now,” “your account will close,” or “do not disconnect.”
• Authority: impersonating a bank, police officer, regulator, courier, government department, employer, or senior executive.
• Secrecy: telling you not to contact family, colleagues, the bank, or police.
• Unusual payment: requesting a transfer to a personal account, gift card, crypto wallet, unfamiliar UPI ID, or “safe account.”
• Credential requests: asking for a password, PIN, OTP, recovery code, card details, screen share, or remote-control access.
• Unexpected links or files: asking you to sign in, update KYC, track a parcel, claim a refund, view a document, or install an app.
• Guaranteed rewards: promising easy jobs, investment returns, prizes, refunds, or commissions with little risk.
• Escalating commitment: starting with a small harmless task or payment and gradually demanding more.

AI can make these approaches more convincing, but it does not change the safe response. Treat unverified urgency, secrecy, and requests for money or access as signals to stop and check. See our guide to AI-powered scam tactics for more examples.

Protect payments before a scam happens

Payment safety depends on control of your device, credentials, and approval step. A caller who knows your name, bank, recent purchase, or partial card information is not automatically genuine.

• Never disclose a card PIN, UPI PIN, password, OTP, CVV, recovery code, or screen-lock code to a caller or message sender.
• Read the payment screen carefully before approving. Check the payee, amount, and whether the action sends money or authorizes a mandate.
• Open your payment app directly instead of following a payment or KYC link in a message.
• Keep transaction notifications enabled and review unexpected debits immediately.
• Use device locks and biometric protection, but remember that an unlocked device handed to another person can still expose apps and messages.
• Do not install remote-access or screen-sharing software because an unsolicited caller asks you to.
• Use payment limits that fit your normal needs. Lower limits can reduce damage if an account is misused.

If an unauthorized electronic banking transaction appears, the Reserve Bank of India advises customers to notify the bank immediately and obtain an acknowledgement. Its consumer guidance also warns that delayed reporting can increase the customer’s loss under the applicable rules and the bank’s approved policy. Use your bank’s official reporting route, not a phone number or link supplied by the person who contacted you.

Secure your accounts and recovery options

A strong password is useful, but account safety also depends on recovery email addresses, phone numbers, active sessions, connected apps, and the security of your primary email account.

1. Use a unique password for every important account. A password manager can create and store long passwords so one breach does not unlock several services.
2. Turn on the strongest multi-factor option the service supports. Passkeys or security keys can provide stronger phishing resistance than codes, while authenticator apps are generally safer than reusing passwords alone.
3. Review recovery phone numbers and email addresses. Remove anything you do not recognize or no longer control.
4. Check active devices and recent security events. Sign out unfamiliar sessions.
5. Review third-party apps and services with access to email, contacts, files, social media, or cloud storage.
6. Keep your operating system, browser, and apps updated through official stores and built-in update tools.

For Google users, our detailed Google Account safety and recovery guide covers Security Checkup, passkeys, signed-in devices, recovery options, and third-party access.

Be careful with shopping, jobs, and social media

Online shopping

Before paying an unfamiliar seller, check how long the domain and social profile appear to have existed, whether contact and return information is coherent, and whether independent sources describe real deliveries. A polished website, copied reviews, or a social-media advertisement does not prove that the seller is legitimate.

Be cautious when the seller pushes you away from a platform’s protected checkout, demands payment to a personal account, or sends a link to “receive” a refund. Our long-form e-commerce scam guide covers fake stores, counterfeit listings, delivery messages, payment traps, and dispute preparation.

Jobs and task scams

A real employer should be independently verifiable and able to explain the role, selection process, contract, and payment arrangements. Treat advance fees, paid training controlled by the recruiter, deposits for equipment, and escalating “recharge” tasks as serious warning signs.

Do not send identity documents to an unverified recruiter merely because the message uses a company logo. Our WhatsApp job scam guide explains how fake remote-job and task offers build trust before asking for money.

Messaging and social accounts

Attackers may use a compromised account belonging to a friend, relative, or colleague. A familiar profile photo and conversation history can make a request feel genuine. Confirm unusual requests outside the chat, especially requests for money, OTPs, gift cards, votes, account recovery help, or urgent document access.

Our guides to WhatsApp scams in India, OTP scams, and social media account security provide more focused prevention and recovery steps.

Choose the correct reporting route in India

Different official services handle different situations. Using the right route helps you give the information to the organization that can act on it.

The Indian Cybercrime Coordination Centre describes the National Cybercrime Reporting Portal as a system through which the public can report cybercrime, with special focus on financial cyber fraud and crimes against women and children. Its financial-fraud reporting system connects law-enforcement agencies, banks, payment intermediaries, wallets, and other participants. This coordination can support faster action, but it should never be described as a guarantee that lost funds will be returned.

Preserve evidence without creating more risk

Useful evidence should show who contacted you, what they requested, what action occurred, and when it happened. Save what is available without continuing the conversation purely to collect more material.

• Phone numbers, email addresses, usernames, profile links, and website URLs.
• Message screenshots that include the sender and time.
• Transaction IDs, UPI IDs, beneficiary details, amounts, and bank acknowledgements.
• Call times and any voicemail that your device lawfully retained.
• Original emails, including headers where possible.
• Names of apps installed or permissions granted during the incident.
• A short timeline written while the details are fresh.

Do not publicly post identity documents, bank details, private images, or complete transaction records while asking for help. Redact sensitive information when sharing a copy with anyone who is not the bank, platform, police, or official reporting service. Do not forward abusive or illegal material to friends or social groups.

Recover a compromised account or device

Use a device you trust. If the affected device was remotely controlled, infected, or handed to another person while unlocked, avoid using it for sensitive recovery until you have removed the access and checked the device.

1. Secure the primary email account first. It may control password resets for other services.
2. Change the password and revoke unknown sessions. Do not only change the password; some services keep existing sessions active.
3. Correct recovery information. Remove unknown phone numbers, email addresses, forwarding rules, and authentication methods.
4. Review connected apps and permissions. Revoke tools you did not authorize or no longer use.
5. Check financial and shopping accounts. Look for new payees, mandates, cards, addresses, orders, or stored payment methods.
6. Warn affected contacts. If your account sent scam messages, notify contacts through another trusted channel.
7. Monitor after recovery. Watch for password-reset messages, SIM issues, unfamiliar logins, and follow-up scams claiming to recover your money.

Be wary of anyone who promises guaranteed recovery for an upfront fee. Victims are often targeted again by people pretending to be investigators, lawyers, platform staff, or fund-recovery specialists.

Make online safety easier for your family

Safety plans work better when they are agreed before an emergency. A short family conversation can reduce the power of a convincing impersonation call.

• Agree that urgent money requests will always be verified through a second channel.
• Choose one or two trusted contacts who can help verify emergencies.
• Explain that banks and genuine support teams do not need a customer to reveal a password, PIN, or OTP.
• Help family members save official bank and telecom support routes before they need them.
• Review privacy settings and account recovery details together.
• Encourage people to ask for help without embarrassment. Shame and secrecy make it easier for scammers to demand further payments.

A family verification phrase can be useful, but do not treat it as the only proof of identity. It may be overheard, disclosed, or found in messages. An independent callback to a known number remains important.

A simple first-hour checklist

1. Stop the interaction and do not make another payment.
2. Call the bank or provider through an official route and obtain a complaint acknowledgement.
3. Call 1930 for financial cyber fraud and file the online complaint.
4. Secure email, banking, messaging, and other affected accounts from a trusted device.
5. Block or replace a compromised SIM when necessary.
6. Save transaction and communication evidence.
7. Tell trusted contacts if your identity or account is being used to approach them.
8. Record every complaint or reference number for follow-up.

Questions people often ask

Should I call 1930 before contacting my bank?

Do both promptly. Contact the bank or payment provider through its official channel so it can secure the account and record the unauthorized transaction. Call 1930 and submit the cybercrime complaint as well. Do not delay one report while trying to prepare a perfect file for the other.

Can I use Chakshu after losing money?

Chakshu is designed for reporting suspected fraudulent communications such as calls, SMS, and WhatsApp messages. Sanchar Saathi directs people who have already lost money or experienced cybercrime to 1930 or the National Cyber Crime Reporting Portal.

Does calling 1930 guarantee that money will be recovered?

No. Prompt reporting can help the relevant organizations act sooner, but recovery depends on the transaction, timing, movement of funds, evidence, and investigation. Avoid anyone who guarantees recovery.

What if the caller already knows my personal information?

Personal information can come from data breaches, public profiles, compromised contacts, marketing databases, documents, or previous interactions. Knowledge of your name, address, bank, workplace, or a recent purchase is not proof that the caller is genuine.

Should I keep talking to collect evidence?

Usually, no. Preserve the evidence you already have and end the interaction. Continuing can expose more information, create pressure, or lead to another payment. Follow instructions from your bank or law enforcement if they specifically ask you to retain or provide something.

Official resources

• National Cyber Crime Reporting Portal
• Indian Cybercrime Coordination Centre: National Cybercrime Reporting Portal
• Sanchar Saathi
• Reserve Bank of India: Customer liability in unauthorized electronic banking transactions
• Cyber Swachhta Kendra

Reviewed by the Infosiast Editorial Team on June 12, 2026. Reporting services, product interfaces, and fraud patterns can change; verify urgent instructions on the official websites linked above.